<?php

// Refuse direct access: this file is only meant to be included by the framework bootstrap.
if( !defined( 'IN_NOVA' ) ) {
	exit( 'Access Denied!' );
}

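/**
 * Admin "security log" panel.
 *
 * Lists the rows of the `safelog` table, lets the administrator select rows in
 * bulk and delete those that are at least one week old.  The selection is
 * carried between requests as a list of integer ids only; the previous
 * version posted a raw `SQL` fragment that was interpolated into SELECT and
 * DELETE statements, which let a client run arbitrary SQL.
 *
 * Relies on the framework globals $request (parameter access) and $db (query
 * helper), on the constants DB_PREFIX and PHP_TIME, and on obclean() and
 * Admin::get_navigator(), none of which are defined in this file.
 */
class Safe {

	/**
	 * Entry point: dispatches on the `p` request parameter.
	 * `del` runs the confirmed deletion; anything else renders the panel.
	 */
	public function start() {
		global $request;

		$action = $request->get( 'p' );

		switch( $action ) {
			case 'del':
				$this->log_del();
				break;
			default:
				$this->show( $action );
		}
	}

	/**
	 * Normalises a posted id list so it can be placed into SQL safely.
	 *
	 * Keeps only positive integers, drops duplicates and reindexes; anything
	 * that is not an array is treated as an empty selection.
	 *
	 * @param mixed $raw value of the `id_arr[]` POST field
	 * @return array list of distinct positive ints, in posted order
	 */
	private function clean_ids( $raw ) {
		if( !is_array( $raw ) ) {
			return array();
		}
		$ids = array();
		foreach( $raw as $id ) {
			$id = (int) $id;
			if( $id > 0 && !in_array( $id, $ids, true ) ) {
				$ids[] = $id;
			}
		}
		return $ids;
	}

	/**
	 * Builds the WHERE condition selecting the given ids.
	 *
	 * Only accepts the output of clean_ids() (integers), so the returned
	 * fragment is safe to interpolate.  Callers must guard against an empty
	 * list: `sid IN ()` is not valid SQL.
	 *
	 * @param array $ids list of ints
	 * @return string e.g. "sid IN (3,7)"
	 */
	private function id_where( $ids ) {
		return 'sid IN (' . implode( ',', $ids ) . ')';
	}

	/**
	 * HTML-escapes a value for use in element content or a quoted attribute.
	 */
	private function esc( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}

	/**
	 * Handles the confirmed bulk deletion (p=del).
	 *
	 * Reads the `Control` choice and the `id_arr[]` id list from POST.  Only
	 * entries older than one week may be deleted: if any selected entry is
	 * younger than that, nothing is deleted and an error is shown.  With a
	 * `Control` value other than the delete option nothing is rendered.
	 */
	private function log_del() {
		// $request is used below; the original only imported $db, so every
		// $request->get() call here read an undefined variable.
		global $db, $request;
		$control = $request->get( 'Control', 'P' );
		if( $control != '删除' ) {
			return;
		}
		$ids = $this->clean_ids( $request->get( 'id_arr', 'P', 'array' ) );
		if( count( $ids ) == 0 ) {
			$this->show( 'list', '您没有选中任何日志', 'error' );
			return;
		}
		$where = $this->id_where( $ids );
		$log_array = $db->fetch_all( "SELECT time FROM `" . DB_PREFIX . "safelog` WHERE ( $where )" );
		$too_recent = false;
		foreach( $log_array as $log_item ) {
			// PHP_TIME is the framework's request timestamp; one week = 3600*24*7 seconds.
			if( ( PHP_TIME - $log_item['time'] ) < 3600 * 24 * 7 ) {
				$too_recent = true;
				break;
			}
		}
		if( $too_recent ) {
			$this->show( 'list', '只能删除一周之前的安全日志', 'error' );
		}else{
			$db->query( "DELETE FROM `" . DB_PREFIX . "safelog` WHERE ( $where )" );
			$this->show( 'list', '删除安全日志成功', 'warning' );
		}
	}

	/**
	 * Renders the panel frame and delegates to safe_log().
	 *
	 * @param string $action 'Batch' renders the confirmation view, anything else the list
	 * @param string $message optional status text (always an internal literal, not user input)
	 * @param string $type    CSS class for the status paragraph, e.g. 'error' or 'warning'
	 */
	private function show( $action, $message = '', $type = '' ) {
		if( $message != '' ) {
			$message = '<p class="' . $type . '">' . $message . '</p>';
		}
		// The original suppressed this call; presumably output may already
		// have started when the panel is included — confirm before removing the @.
		@header("content-type: text/html; charset=utf-8");
?>
<div class = "admin_panel">
	<div class = "admin_title">安全日志</div>
	<div class = "admin_content">
		<!--<div style="padding:5px;margin:2px;border:1px solid #96C2F1;background-color: #EFF7FF;"><a href="admin_safe.php?action=FileCheck">文件校验</a> | <a href="admin_safe.php?action=safelog">安全日志</a></div>-->
		<?php
		switch( $action )
		{
			case 'Batch':
				$this->safe_log( 'batch' );
				break;
			default:
				$this->safe_log();
		}
		?>
	</div>
</div>
<?php
	}

	/**
	 * Renders the log table.
	 *
	 * In 'list' mode one page of entries (20 per page, page taken from
	 * $request->page) is shown inside a selection form posting to
	 * action=Batch.  In 'batch' mode the posted selection is listed again
	 * together with a confirmation form posting to action=del; the selection
	 * travels as hidden `id_arr[]` fields holding the cleaned integer ids.
	 *
	 * Cell values coming from the database are HTML-escaped.  Log descriptions
	 * can contain attacker-influenced text (the original had the filter call
	 * commented out); if they are meant to carry markup, replace esc() on that
	 * cell with an allow-list filter rather than dropping the escaping.
	 *
	 * @param string $action 'list' or 'batch'
	 */
	private function safe_log( $action = 'list' ) {
		global $db,$request;
		$current_page = max( 1, (int) $request->page );
		$max_per_page = 20;
		$ids = array();
		$control = '';
		if( $action == 'batch' ) {
			$ids = $this->clean_ids( $request->get( 'id_arr','P','array' ) );
			$control = $request->get( 'Control','P' );
			if( count( $ids ) == 0 ) {
				obclean();
				$this->show( 'list', '您没有选中任何日志', 'error' );
				return;
			}
			$log_array = $db->fetch_all( 'SELECT sid,description,time,username FROM `' . DB_PREFIX . "safelog` WHERE ( " . $this->id_where( $ids ) . " ) ORDER BY sid DESC" );
		}else{
			// Both operands are ints, so interpolating them into LIMIT is safe.
			$offset = ( $current_page - 1 ) * $max_per_page;
			$log_array = $db->fetch_all( 'SELECT sid,description,time,username FROM `' . DB_PREFIX . "safelog` ORDER BY sid DESC LIMIT $offset, $max_per_page" );
		}
?>
<?php if( $action == 'list' ) { ?><form name="smslist" action="admin_safe.php?action=Batch" method="post"><?php } ?>
	<div style="padding:5px;margin:2px;">      
		<table <?php if( $action == 'list' ) { ?>class="pickme"<?php } ?> style="table-layout: fixed;word-wrap: break-word;" width="100%" border="0" cellpadding="0" cellspacing="1" bgcolor="#bbbbbb">
			<thead>
				<tr align="center" height="22" bgcolor="#ffffff">
					<td width="3%"><?php if( $action == 'list' ) { ?><input type="checkbox" name="allbox" onclick="CheckAll();"><input type="checkbox" id="ckbox" style="display:none;" disabled><?php } ?></td>
					<td width="4%">序号</td>
					<td width="24%">操作者</td>
					<td width="20%">时间</td>
					<td width="40%">描述</td>
					<td width="9%">管理操作</td>
				</tr>
			</thead>
			<tbody>
			<?php
				$i = 1;
				foreach( $log_array as $value ) {
			?>
				<tr align="center" height="20" bgcolor="#ffffff">
					<td ><?php if( $action == 'list' ) { ?><input type="checkbox" id="ckbox" name="id_arr[]" value="<?php echo (int) $value['sid'] ?>" /><?php } ?></td>
					<td><?php if( $action == 'list' ) { echo ( $current_page - 1 ) * $max_per_page + $i; }else{ echo $i; } ?></td>
					<td><?php echo $this->esc( $value['username'] ) ?></td>
					<td><?php echo date( 'Y-m-d H:i:s', $value['time'] ) ?></td>
					<td style="text-align:left;padding-left:3px;"><?php echo $this->esc( $value['description'] ) ?></td>
					<td></td>
				</tr>
				<?php
					$i ++;
				}
				?>
			</tbody>
		</table>
	</div>
	<?php if( $action == 'list' ) {
		$log_num = $db->result( "SELECT COUNT(sid) FROM `" . DB_PREFIX . "safelog`" );
		echo Admin::get_navigator( $log_num, $max_per_page, $current_page, 'safe', 'list' ); ?>
		<div align="center">批量管理选项: <input type="radio" name="Control" value="删除" checked="checked"/>删除 <input type="submit" name="Submit" class="main_button" value="执行操作" /></div>
	<?php }else{ ?>
		<div style="padding:5px;margin:2px;">
		<form name="smslist" action="admin_safe.php?action=del" method="post">
			<?php
				// Carry the cleaned integer ids only; the server rebuilds the WHERE clause itself.
				foreach( $ids as $id ) {
			?>
			<input type="hidden" name="id_arr[]" value="<?php echo $id ?>"/>
			<?php
				}
				if( $control == '删除' ) {
			?>
				<input type="hidden" name="Control" value="删除"/>
				<input type="submit" name="submit" class="main_button" value="确认删除" />
			<?php
				}
			?>
			</form>
		</div>
	<?php } ?>
<?php if( $action == 'list' ) { ?></form><?php } ?>
<div class="main_button"></div>
<?php
	}

	/**
	 * Welcome text for the security centre.  Not called from this class.
	 */
	private function main() {
?>
<div style="padding:10px;">
	欢迎来到 <b>安全中心</b>，在这里您可以校验博客文件、查看安全日志。
</div>
<?php
	}

	/**
	 * Placeholder for the unfinished file-check feature.  Not called from this class.
	 */
	public function file_check() {
?>
<div style="padding:10px;">
	<b>此功能未完成</b>
</div>
<?php
	}
}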
?>
